CN111327597B - Digital evidence obtaining method based on block chain privacy protection and fine-grained access control - Google Patents

Digital evidence obtaining method based on block chain privacy protection and fine-grained access control Download PDF

Info

Publication number
CN111327597B
CN111327597B CN202010068479.8A CN202010068479A CN111327597B CN 111327597 B CN111327597 B CN 111327597B CN 202010068479 A CN202010068479 A CN 202010068479A CN 111327597 B CN111327597 B CN 111327597B
Authority
CN
China
Prior art keywords
data
supervisor
digital
key
fine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010068479.8A
Other languages
Chinese (zh)
Other versions
CN111327597A (en
Inventor
翁健
张斌
李明
袁浩宸
李勇标
罗伟其
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University filed Critical Jinan University
Priority to CN202010068479.8A priority Critical patent/CN111327597B/en
Publication of CN111327597A publication Critical patent/CN111327597A/en
Application granted granted Critical
Publication of CN111327597B publication Critical patent/CN111327597B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a digital evidence obtaining method based on block chain privacy protection and fine-grained access control.A first monitoring party creates a digital evidence obtaining transaction, sends a digital evidence obtaining transaction request to a second monitoring party and transmits important information of the digital evidence obtaining transaction to the second monitoring party; the second supervisor generates attribute encryption intermediate parameters through an encryption module and authorizes the attribute encryption intermediate parameters to be published in the block chain; after obtaining authorization, the first supervisor acquires the slicing keys from the key management mechanism module through authorization information, combines the slicing keys to generate decryption keys, and the data acquisition module acquires data in the storage system through the decryption keys; the first supervisor analyzes the data after acquiring the data to obtain a data analysis result; further generating a digital evidence obtaining report, and completing evidence obtaining; the invention utilizes the potentials of the blockchain and the intelligent contract and designs the encryption primitive to construct a vehicle networking digital evidence obtaining scheme based on the blockchain, and the scheme has auditability, privacy protection and fine-grained data access control.

Description

Digital evidence obtaining method based on block chain privacy protection and fine-grained access control
Technical Field
The invention relates to the research field of network space security, in particular to a digital evidence obtaining method based on block chain privacy protection and fine-grained access control.
Background
With the increasing communication modes of vehicle sensors, control units, Electronic Control Units (ECU), Bluetooth, Wi-Fi and the like, the functions of the vehicle are greatly enhanced. According to ford automotive data, modern automobiles have approximately 50-70 computers, which make them important sources of digital data (e.g., tire door opening location, pumping and lamp on/off). These rich sensory and operational data make vehicles more intelligent and intelligent, which will effectively push the automotive industry to prosper in the near future. However, since everything has its two aspects, more and more intelligent vehicles also pose many security problems to us. It is not uncommon for a terrorist attack to be carried out using a vehicle as a weapon, which causes tremendous damage and loss to our society. In particular, a Vehicle striking Attack (VRA) is a typical Attack mode, and refers to a malicious act of intentionally striking a building or a crowd with a Vehicle.
For these types of vehicle crash attacks, forensic investigations specific to the vehicle, known as vehicle networking Forensics (VDF), can be conducted to analyze suspicious behavior and collect evidence, known as vehicle networking Digital Forensics. Because vehicle-mounted computers collect large amounts of data, internet-of-vehicles digital evidence has attracted extensive attention in both academic and industrial areas. It may help law enforcement agencies detect potential VRAs by identifying suspicious activity. In particular, with the advent of automobile sharing and auto-driving automobiles, this area is becoming more important, which is a future approach. However, this also brings about an urgent problem: who will be who the mistake if an autonomous vehicle is involved in a fatal traffic accident? In the latter case, the manufacturer may be called out with an unprecedented amount to save lives and eventually close. Therefore, in the era of automatic driving, it becomes important to provide a reasonable technical means for authorities to investigate traffic accidents.
For a vehicle crash attack VRA, law enforcement agencies may prevent or avoid the occurrence of a VRA if sufficient evidence is obtained through the VDF. For example, a car rental company may find it difficult for someone to interpret the purpose of their car rental while renting a car. Law enforcement agencies may incorporate other relevant data (e.g., a traffic management center to report parking for several days in a particular area without any reasonable interpretation) that may confirm that this is a potential threat to public safety in that area. Clearly, a single or small number of data sources is not sufficient to analyze suspicious VRA behavior, requiring law enforcement to obtain more comprehensive historical data of the car and other relevant data sources. However, it is not easy to conduct vehicle forensics investigation VDF due to a number of safety issues. In fact, there are a number of security and privacy issues that result in adverse effects on VDF implementation: 1) a malicious external attacker may reveal details of the credential to the suspect, which may tell the suspect to give up the attack temporarily; 2) law enforcement agencies may misuse their rights in their hands to obtain more data not relevant to this evidence, or even tamper with the evidence collected; 3) malicious insiders may be present in the data source who provide law enforcement with modified historical data, or claim that historical data has been lost, in violation of a Digital chain of custody. In addition to this, there are other problems that are detrimental to the normal VDF procedure. In particular, as vehicles become more intelligent and complex than ever, due to the lack of specialized tools, it is difficult for law enforcement agencies to obtain forensic data and seek technical support from the business community. However, the privacy leakage threat is brought in the process.
Based on the analysis, it is known that there are many security and privacy disclosure problems in the car networking digital evidence obtaining process, some are from internal attacks (including monitoring for self-theft and unauthorized evidence obtaining), and some are from external attacks.
Disclosure of Invention
The invention mainly aims to overcome the defects and shortcomings of the prior art, provides a digital evidence obtaining method based on block chain privacy protection and fine-grained access control, utilizes the potentials of a block chain and an intelligent contract and designs an encryption primitive to construct a vehicle networking digital evidence obtaining scheme based on the block chain, and the scheme has auditability, privacy protection and fine-grained data access control.
The purpose of the invention is realized by the following technical scheme:
the digital evidence obtaining method based on block chain privacy protection and fine-grained access control is characterized by comprising the following steps of:
s1, the first supervisor establishes digital evidence-obtaining transaction by logging in the user management module, initiates a digital evidence-obtaining transaction request to the second supervisor, and transmits important information of the digital evidence-obtaining transaction to the second supervisor through a safety channel;
s2, after receiving the important information, the second supervisor generates attribute encryption intermediate parameters through the encryption module, and the attribute encryption intermediate parameters are authorized by the second supervisor and then are published in the block chain;
s3, after obtaining authorization of a second supervisor, a first supervisor obtains a slicing key from a key management mechanism module through authorization information, wherein the key management mechanism module is composed of a plurality of trusted mechanisms, and the trusted mechanisms control the key through a data fine-grained access control method;
s4, after receiving the slicing keys, the first supervisor combines the slicing keys to generate decryption keys, and the data acquisition module acquires data in the storage system through the decryption keys;
s5, after the first supervisor collects data, the data are analyzed through a data analysis module to obtain a data analysis result;
s6, the data report generating module generates a forensics digital report according to the data analysis result and stores the forensics digital report in the block chain; and after receiving the evidence obtaining digital report, the second supervisor triggers the completion of evidence obtaining together with the first supervisor.
Further, in step S1, the important information includes sensitive information of the forensic attribute.
Further, the step S2 is specifically: and after receiving the important information transmitted by the first supervisor through the secure channel, the second supervisor generates a D-KP-ABE attribute encryption intermediate parameter, and the second supervisor signs and authorizes the D-KP-ABE attribute encryption intermediate parameter and then releases the D-KP-ABE attribute encryption intermediate parameter to the block chain, namely, the evidence obtaining transaction request is authorized by the second supervisor.
Further, the step S3 is specifically: after obtaining the authorization of a second supervisor by a first supervisor, the first supervisor obtains a fragmentation key from a key management mechanism module through authorization information, the key management mechanism module consists of a plurality of trusted mechanisms, and the trusted mechanisms control the key through a data fine-grained access control method, namely the key management mechanism module encrypts intermediate parameters and the own fragmentation key according to attributes to obtain fragmentation key data, encrypts the fragmentation key data and sends the fragmentation key data to the first supervisor, and publishes hash information of the key data in a block chain; the key management authority module uploads transaction information in a blockchain.
Further, the key management mechanism module controls the key through a data fine-grained access control method, specifically: a master key management scheme for generating DKG based on a distributed key of a alliance chain multi-mechanism is constructed, and a D-KP-ABE attribute encryption scheme for protecting privacy of access policies is designed on the basis of the master key management scheme.
Further, the step S4 is specifically: after the first supervisor receives the slicing keys, when the number of the slicing keys is larger than a threshold value K, the slicing keys are combined to generate decryption keys with corresponding attributes, and the data acquisition module acquires data with corresponding attributes in the storage system through the decryption keys.
Further, the method also comprises the step that the decryption module verifies whether the request of the decryption key corresponds to the authorization request of the second supervisor, and the verification is checked through issued transactions.
Further, the threshold K is t +1, and t is the minimum number of fragments when the decryption key negotiated and set between the regulators is recovered.
Further, the step S5 is specifically: after the first supervisor collects data, the data are analyzed through a data analysis module to obtain a data analysis result; the analysis process adopts the technical means of software and hardware digital evidence obtaining to analyze the collected data.
Further, the step S6 is specifically: the data report generation module generates a forensic digital report according to the data analysis result, and the first monitoring party submits the forensic digital report and stores the hash of the forensic digital report in the blockchain.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the invention utilizes the potentials of the blockchain and the intelligent contract and designs the encryption primitive to construct a digital evidence obtaining scheme of the Internet of vehicles based on the blockchain, the scheme has auditability, privacy protection and fine-grained data access control, the power abuse of a first supervisor is prevented so as to obtain the evidence obtaining range allowed by a redundant second supervisor, the safety protection of the data is cooperatively managed by a plurality of key management mechanisms, and the problem of traditional centralized data monitoring and self-stealing is solved. In addition, the evidence obtaining process under the alliance chain mode is transparent, and people and other organizations can supervise whether the evidence obtaining process conforms to the normal process, so that the validity of evidence obtaining is ensured.
Drawings
FIG. 1 is a flow chart of a digital evidence obtaining method based on block chain privacy protection and fine-grained access control according to the present invention;
FIG. 2 is a block diagram of a digital forensic system according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating credential state machine management in accordance with an embodiment of the present invention;
fig. 4 is a schematic diagram of distributed key management in the embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
Examples
A digital evidence obtaining method based on block chain privacy protection and fine-grained access control is realized through a digital evidence obtaining system based on block chain privacy protection and fine-grained access control as shown in figure 1, the digital evidence obtaining system comprises an alliance block chain formed by law enforcement agencies, courts, alliance key management agencies, data sources (enterprises or individuals) and the like, and the system comprises a service layer, an application layer, a block chain layer and a distributed data storage layer which are sequentially connected as shown in figure 2. The business layer is oriented to digital evidence obtaining management of a Web end, supports login operation of users with different roles and realizes a convenient user interaction function; the application layer supports functional components such as evidence obtaining, evidence storing, source tracing and the like. Based on a data interface layer of Web3j, conversion logic for inputting users and intelligent contracts is realized; the block chain layer is an alliance chain constructed based on a plurality of trusted authorities, and the execution of a digital evidence obtaining state machine is completed by using an intelligent contract; the data storage layer is used for storing evidence obtaining data in a distributed mode and supports general interfaces such as IPFS and S3.
Among them, a ticket State Machine (FSM) based on intelligent contract time driving is designed. The ticket state machine is a finite state machine which designs a digital certificate (warrange) full-period management based on an intelligent contract. The whole process comprises 8 states: credential Request (Warrant Request), credential Authorization (Warrant Authorization), sharded key acquisition (Shares retrieve), Data Collection (Data Collection), Data inspection (Data evaluation), Data Analysis (Data Analysis), Forensics Report (Forensics Report), and completion (Completed), each state transition requiring a specific multiple or single member to digitally sign completion validation, credential state machine management as shown in fig. 3, specifically:
and S1, firstly, establishing a digital evidence-obtaining transaction in the intelligent contract by a law enforcement agency and the first supervisor, wherein the transaction comprises the summary information of evidence-obtaining, and sensitive information of evidence-obtaining attributes (evidence-obtaining objects, data types, time and the like) is not leaked out. Law enforcement transmits this sensitive attribute information to the court over a secure channel. And obtaining evidence to enter a certificate request state.
The investigator creating a Warrant request includes: description information des, data request policy A information hash value, and creation timestamp time:
Figure BDA0002376648080000051
the FSM instance created in the intelligent contract is a FSM,
Figure BDA0002376648080000052
and S2, the court is the second supervisor, after receiving the attribute data sent by the law enforcement secretly, intermediate parameters of D-KP-ABE attribute encryption are generated, and the intermediate parameters are signed by the court and then are published in the block chain. The outside world can publicly audit that the forensic request is authorized by the court, but cannot know the private data in the forensic request. Obtaining evidence and entering a certificate authorization state;
Figure BDA0002376648080000053
Figure BDA0002376648080000054
wherein HreqFor law enforcement request information res, ρ (1), …, ρ (l) are intermediate values returned by the court to the law enforcement structure over the secure channel, random parameters randomly chosen for the court.
S3, after obtaining court authorization, law enforcement officers can obtain the fragmentation key from the alliances through authorized information, the alliances manage the master key together, the data of the fragmentation key is obtained by processing the fragmentation key on the intermediate parameters issued by the court, the data is encrypted and sent to the law enforcement officers, and the hash information of the data is published in the blockchain. The process is ended when t +1 (assuming that the number of the alliances is n) organizations send out transactions, and at the moment, the process enters a fragment key obtaining state;
Figure BDA0002376648080000055
Figure BDA0002376648080000056
...
Figure BDA0002376648080000057
Figure BDA0002376648080000061
wherein the content of the first and second substances,
Figure BDA0002376648080000062
ε1∈[1,l]for a random set of numbers chosen by law enforcement, law enforcement will be { φ1,...,φlSending the private decryption key request to each decryption mechanism, and verifying whether the private decryption key request corresponds to an authorization request of the court by each decryption mechanism; the request to verify the private decryption key may pass through a published transaction
Figure BDA0002376648080000063
And
Figure BDA0002376648080000064
and (6) checking.
S4, the alliance key management organization uploads transaction information in the blockchain to prove the validity of the provided sub-key, and AjFor example, the transaction is as follows:
Figure BDA0002376648080000065
s5, after receiving the more than t +1 slicing keys, law enforcement combines the slicing keys to generate decryption keys with corresponding attributes, namely the decryption keys can be stored in a storage system to collect data, and at the moment, evidence collection enters a data collection state and is triggered by law enforcement to be executed;
Figure BDA0002376648080000066
s6, after the law enforcement collected the data, further analyzing the collected data, at this time, the evidence collection enters the data analysis state, and the law enforcement triggers execution to generate
Figure BDA0002376648080000067
Transaction information;
Figure BDA0002376648080000068
s7, the law enforcement completes analysis of the evidence obtaining data, the law enforcement generates an evidence obtaining digital report to submit, the hash of the report is stored in the block chain to ensure the integrity of the data, the evidence obtaining enters an evidence obtaining report state at the moment, and the law enforcement triggers execution;
and S8, after receiving the evidence obtaining report, the court finishes accepting evidence obtaining from the court, and triggers the evidence obtaining process to enter a finished state together with the law enforcement agency.
In addition, in the digital forensics method based on block chain privacy protection and fine-grained access control, a data fine-grained access control scheme based on federation chain multi-mechanism distributed key management is designed, and the distributed key management is shown in fig. 4. Specifically, the method comprises the following steps:
s1, firstly, a plurality of trusted authorities jointly generate a system main public key based on the DKG protocol, and the private key information owned by each authority is assumed to be
Figure BDA0002376648080000069
αiFor each randomly chosen parameter of the organization, the master public key of the system is then:
Figure BDA00023766480800000610
wherein λjThe method refers to a secretly shared Lagrange system, N is the number of trusted authorities, and then the master public key of the system is set as MPK ═ G (G, p, G, e (G, G)a,H0,H1,H2) The master private key is set to MSK { a }, H0,H1,H2Is a cryptographic one-way hash function;
and S2, collecting data on each sensor on each vehicle in real time for the process of obtaining evidence in each vehicle, wherein the data are encrypted in a symmetric mode in a mixed encryption mode, and the symmetric key realizes an attribute-based encryption scheme through KP-ABE. Assume that the data collected by the forensics process is used for did,type,tA representation, the id representing an identity of a forensic vehicle; the type represents data type, such as steering wheel, brake, safety belt information; the t represents a time stamp. The time period assumes that the vehicle collects data at an integer number of times. To encrypt did,type,tThe following method is adopted: the forensics daemon randomly generates two numbers s1∈ZpAnd ε1∈GTAnd calculating a hash value k1=H21). Then siBy symmetric encryption algorithms and using k1Encrypted data did,type,t(ii) a The symmetric encryption algorithm comprises AES-128; and the following values were calculated:
Figure BDA0002376648080000071
Figure BDA0002376648080000072
Figure BDA0002376648080000073
where theta is1Is defined as data did,type,tA corresponding download link.
Figure BDA0002376648080000074
Is stored in the storage layer. Given a download link, Private Information Retrieval (PIR) techniques may be employed when retrieving data from the storage tier, thereby protecting the privacy of attributes without exposing other attributes.
S3, positioning the object information to be forensically collected by law enforcement as a string of characters, where the characters agree with the attribute information (i.e. request policy) to be forensically collected, including forensics object, forensics data type and forensics time information, as follows:
A=(id:Alice","type:steering wheel","t:2019/07/22 22:00")
the information belongs to sensitive information and is put in a block chain after being encrypted;
and S4, after receiving the data of the evidence obtaining attribute of the law enforcement officer, the court evaluates whether to approve the investigation request. If not, the court submits a transaction that terminates the forensics state machine instance, causing the FSM state transition to complete. Otherwise, the court selects a set of random numbers r1,…,rl←ZpAnd generates the following values:
Figure BDA0002376648080000075
Figure BDA0002376648080000076
res=(ξ12,...,ξl)
where res is the corresponding message to be sent back to the law enforcement officer over the secure channel.
To securely obtain the private decryption key that satisfies access structure a, law enforcement masks the value res and sends it to different authorities to obtain enough subkeys to recover the decryption key S5. Each federation mechanism decides whether to provide the sharding key to law enforcement based on clues and judgments.
The master key is maintained by n decryption mechanisms together and is not recovered by any single mechanism. The recover decryption key, law enforcement needs to obtain a set of N t +1 shares of the decryption key from decryption authority a. Each decryption mechanism AjIt is blinded back using some random numbers to protect privacy and submit the transaction to the blockchain. In this way, the action of any decryption mechanism is recorded in the transaction and not denied because of the auditability of the forensic data. Note that before the split key is provided to law enforcement, AjThe state of the state machine will be verified to determine if Share retaval and rep are legitimate.
To protect the privacy of the investigation, the custom D-KP-ABE scheme is designed without revealing the attribute values ρ (1),.., ρ (l) to either party. Is provided with
Figure BDA00023766480800000818
Law enforcement selects a set of random numbers
Figure BDA0002376648080000081
ε1∈[1,l]And calculates a blind value for res as follows:
Figure BDA0002376648080000082
Figure BDA0002376648080000083
the law enforcement officer will then
Figure BDA0002376648080000084
To each institution. Note, the value
Figure BDA0002376648080000085
X∈[1,l]Has been randomly valued
Figure BDA0002376648080000086
And (4) shielding. Thus, the decryption mechanism AjA test attack cannot be launched to learn about the attribute values.
S6, assume AjConfirming that the request of the law enforcement officer is legal, the law enforcement officer will enter a fractional key recovery stage to help the law enforcement officer recover the data needing evidence collection. A. thejPrivate shard a using master key MSKjTo calculate SKjI.e. the sub-key of the decryption key SK, α ═ Pj∈N∈λjαj. Since α cannot be completely reconstructed by any single decryption structure, ajCan not directly calculate
Figure BDA0002376648080000087
But he can use the partial key ajTo calculate intermediate parameters, i.e.
Figure BDA0002376648080000088
Wherein
Figure BDA0002376648080000089
a∈[1,l]. To prevent law enforcement or the public from knowing
Figure BDA00023766480800000810
AjSelecting a random number rj′∈ZpAnd calculates a secret sub-key
Figure BDA00023766480800000811
The following were used:
Figure BDA00023766480800000812
Figure BDA00023766480800000813
Ajlet SKjTo be sent to law enforcement. In particular, to allow public auditing AjThe provided sub-key is indeed calculated on the basis of authorized credentials, which can be certified using zero-knowledge certification techniques
Figure BDA00023766480800000814
Is indeed based on the authorization parameter res ═ (ξ)12,...,ξl)。
S7, if the law enforcement officer collected t +1 arbitrary set N of correct partial keys. The partial key is expressed as
Figure BDA00023766480800000815
In particular, law enforcement officers multiply the index by
Figure BDA00023766480800000816
To recover the final secret sub-key. For example, to recover SK1The law enforcement officer is
Figure BDA00023766480800000817
Are exponentially respectively 1/r1,1,...,1/r1,lMultiply and then obtain
Figure BDA0002376648080000091
AjWithout revealing the secret sub-key ajAnd law enforcement still can recover the decryption key of the data of collecting evidence under the condition of not knowing the key organization fragmentation, and the decryption key is recombined according to the DKG security protocol as follows:
Figure BDA0002376648080000092
the above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. A digital evidence obtaining method based on block chain privacy protection and fine-grained access control is characterized in that a plurality of supervisors form a alliance chain, namely a plurality of trusted authorities form the alliance chain, nodes in the alliance chain trigger evidence obtaining execution in a transaction mode, and a specific evidence obtaining process comprises the following steps:
s1, the first supervisor establishes digital evidence-obtaining transaction by logging in the user management module, initiates a digital evidence-obtaining transaction request to the second supervisor, and transmits important information of the digital evidence-obtaining transaction to the second supervisor through a safety channel;
s2, after receiving the important information, the second supervisor generates attribute encryption intermediate parameters through the encryption module, and the attribute encryption intermediate parameters are authorized by the second supervisor and then are published in the block chain;
s3, after obtaining authorization of a second supervisor, a first supervisor obtains a slicing key from a key management mechanism module through authorization information, wherein the key management mechanism module is composed of a plurality of trusted mechanisms, and the trusted mechanisms control the key through a data fine-grained access control method;
s4, after receiving the slicing keys, the first supervisor combines the slicing keys to generate decryption keys, and the data acquisition module acquires data in the storage system through the decryption keys;
s5, after the first supervisor collects data, the data are analyzed through a data analysis module to obtain a data analysis result;
s6, the data report generating module generates a forensics digital report according to the data analysis result and stores the forensics digital report in the block chain; and after receiving the evidence obtaining digital report, the second supervisor triggers the completion of evidence obtaining together with the first supervisor.
2. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein in step S1, the important information comprises sensitive information of forensics attributes.
3. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein the step S2 is specifically: and after receiving the important information transmitted by the first supervisor through the secure channel, the second supervisor generates a D-KP-ABE attribute encryption intermediate parameter, and the second supervisor signs and authorizes the D-KP-ABE attribute encryption intermediate parameter and then releases the D-KP-ABE attribute encryption intermediate parameter to the block chain, namely, the evidence obtaining transaction request is authorized by the second supervisor.
4. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein the step S3 is specifically: after obtaining the authorization of a second supervisor by a first supervisor, the first supervisor obtains a fragmentation key from a key management mechanism module through authorization information, the key management mechanism module consists of a plurality of trusted mechanisms, and the trusted mechanisms control the key through a data fine-grained access control method, namely the key management mechanism module encrypts intermediate parameters and the own fragmentation key according to attributes to obtain fragmentation key data, encrypts the fragmentation key data and sends the fragmentation key data to the first supervisor, and publishes hash information of the key data in a block chain; the key management authority module uploads transaction information in a blockchain.
5. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 4, wherein the key management module controls the key by a data fine-grained access control method, specifically: a master key management scheme for generating DKG based on a distributed key of a alliance chain multi-mechanism is constructed, and a D-KP-ABE attribute encryption scheme for protecting privacy of access policies is designed on the basis of the master key management scheme.
6. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein the step S4 is specifically: after the first supervisor receives the slicing keys, when the number of the slicing keys is larger than a threshold value K, the slicing keys are combined to generate decryption keys with corresponding attributes, and the data acquisition module acquires data with corresponding attributes in the storage system through the decryption keys.
7. The digital forensics method based on blockchain privacy protection and fine-grained access control according to claim 6, further comprising the decryption module verifying whether the request for decryption key corresponds to an authorization request of the second supervisor, the verification being checked through the issued transaction.
8. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 6, wherein the threshold value K is t +1, and t is the minimum number of fragments for recovering a decryption key negotiated and set between supervisors.
9. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein the step S5 is specifically: after the first supervisor collects data, the data are analyzed through a data analysis module to obtain a data analysis result; the analysis process adopts the technical means of software and hardware digital evidence obtaining to analyze the collected data.
10. The digital forensics method based on block chain privacy protection and fine-grained access control according to claim 1, wherein the step S6 is specifically: the data report generation module generates a forensic digital report according to the data analysis result, and the first monitoring party submits the forensic digital report and stores the hash of the forensic digital report in the blockchain.
CN202010068479.8A 2020-01-21 2020-01-21 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control Active CN111327597B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010068479.8A CN111327597B (en) 2020-01-21 2020-01-21 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010068479.8A CN111327597B (en) 2020-01-21 2020-01-21 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control

Publications (2)

Publication Number Publication Date
CN111327597A CN111327597A (en) 2020-06-23
CN111327597B true CN111327597B (en) 2022-02-11

Family

ID=71165193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010068479.8A Active CN111327597B (en) 2020-01-21 2020-01-21 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control

Country Status (1)

Country Link
CN (1) CN111327597B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11223487B2 (en) * 2020-03-19 2022-01-11 Jinan University Method and system for secure blockchain-based vehicular digital forensics
CN111858519B (en) * 2020-07-10 2023-08-01 北京远景视点科技有限公司 System and method for sharing confidential data on blockchain
CN112383391B (en) * 2020-11-12 2024-03-19 北京安御道合科技有限公司 Data security protection method based on data attribute authorization, storage medium and terminal
CN112800457B (en) * 2021-01-13 2023-03-24 迅鳐成都科技有限公司 Sensitive information supervision method and system for block chain network
CN112784306B (en) * 2021-02-01 2023-01-31 杭州链网科技有限公司 Cross-chain escrow method and system based on key fragmentation and multi-signature
CN112906036B (en) * 2021-03-24 2022-10-04 合肥工业大学 Internet of vehicles anonymous security evidence obtaining method and system based on block chain technology
CN112883407B (en) * 2021-04-04 2022-05-24 湖南科技学院 Privacy data full life cycle protection method and system based on Internet of vehicles
US11822701B2 (en) * 2021-04-09 2023-11-21 VIQ Solutions Inc. Securing and managing offline digital evidence with a smart data lease system
CN113761492A (en) * 2021-08-17 2021-12-07 国网山东省电力公司信息通信公司 Trusted data storage method and system, computer equipment and terminal
CN115567247B (en) * 2022-08-31 2024-03-19 西安电子科技大学 Decentralized multi-authority privacy protection data access control method and system
CN115550026B (en) * 2022-09-26 2023-07-04 建信金融科技有限责任公司 Multi-supervision method, system and storage medium based on blockchain transaction

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110084068B (en) * 2018-01-26 2023-09-29 阿里巴巴集团控股有限公司 Block chain system and data processing method for block chain system
CN109559117B (en) * 2018-11-14 2022-05-20 北京科技大学 Block linkage contract privacy protection method and system based on attribute-based encryption
CN110098919B (en) * 2019-04-26 2021-06-25 西安电子科技大学 Block chain-based data permission acquisition method

Also Published As

Publication number Publication date
CN111327597A (en) 2020-06-23

Similar Documents

Publication Publication Date Title
CN111327597B (en) Digital evidence obtaining method based on block chain privacy protection and fine-grained access control
US11223487B2 (en) Method and system for secure blockchain-based vehicular digital forensics
JP6941146B2 (en) Data security service
Ma et al. Blockchain-driven trusted data sharing with privacy protection in IoT sensor network
JP6678457B2 (en) Data security services
CN111464980A (en) Electronic evidence obtaining device and method based on block chain in Internet of vehicles environment
Li et al. Toward vehicular digital forensics from decentralized trust: An accountable, privacy-preserving, and secure realization
Yao et al. Accident responsibility identification model for Internet of Vehicles based on lightweight blockchain
Zhang et al. Secure and reliable parking protocol based on blockchain for VANETs
Elavarasu et al. Block chain based secure data transmission among internet of vehicles
CN114553463A (en) Internet of things perception data management system and management method based on block chain
CN116388986B (en) Certificate authentication system and method based on post quantum signature
CN110708156B (en) Communication method, client and server
Feng et al. Autonomous vehicles' forensics in smart cities
Onishi A survey: Engineering challenges to implement vanet security
Aljumaili et al. A Review on Secure Authentication Protocols in IOV: Algorithms, Protocols, and Comparisons
Kumagai et al. Distributed Public Key Certificate‐Issuing Infrastructure for Consortium Certificate Authority Using Distributed Ledger Technology
CN115776396A (en) Data processing method and device, electronic equipment and storage medium
Stromire et al. Empowering smart cities with strong cryptography for data privacy
Das et al. Design of a trust-based authentication scheme for blockchain-enabled iov system
Ferdous et al. Immutable autobiography of smart cars
Ebbers et al. Grand theft API: A forensic analysis of vehicle cloud data
Kilic TLS-handshake for Plug and Charge in vehicular communications
Islam et al. A framework for city wide activity data recorder and providing secured way to forensic users for incidence response
Hasan et al. Permissioned Blockchain-Based Techniques for Refining the Data Security in Commercial Aviation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant